{ "schemaVersion": "1.0", "item": { "slug": "http", "name": "HTTP", "source": "tencent", "type": "skill", "category": "通讯协作", "sourceUrl": "https://clawhub.ai/ivangdavila/http", "canonicalUrl": "https://clawhub.ai/ivangdavila/http", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/http", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=http", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/http" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/http", "agentPageUrl": "https://openagent3.xyz/skills/http/agent", "manifestUrl": "https://openagent3.xyz/skills/http/agent.json", "briefUrl": "https://openagent3.xyz/skills/http/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Redirects (Often Confused)", "body": "307 vs 308: both preserve method; 307 temporary, 308 permanent—use these for POST/PUT redirects\n301/302 may change POST to GET (browser behavior)—don't use for API redirects with body\nInclude Location header with absolute URL—relative may fail in older clients\nRedirect loops: limit to 5-10 follows; infinite loops crash clients" }, { "title": "Caching Combinations", "body": "Cache-Control: no-store for sensitive data—never written to disk\nno-cache still caches but revalidates every time—not \"don't cache\"\nprivate, max-age=0, must-revalidate for user-specific, always-fresh content\npublic, max-age=31536000, immutable for versioned static assets\nVary: Accept-Encoding, Authorization when response depends on these headers—forgetting Vary breaks caching" }, { "title": "Conditional Requests", "body": "ETag + If-None-Match: prefer for APIs—content hash based\nStrong vs weak ETags: \"abc\" vs W/\"abc\"—weak allows semantically equivalent responses\nIf-Match for optimistic locking: fail update if resource changed since read\n412 Precondition Failed when If-Match fails—not 409 Conflict" }, { "title": "CORS Preflight Triggers", "body": "Custom headers (anything not Accept, Accept-Language, Content-Language, Content-Type simple values)\nContent-Type other than: application/x-www-form-urlencoded, multipart/form-data, text/plain\nPUT, DELETE, PATCH methods—even to same origin if other conditions met\nReadableStream body—triggers preflight\nPreflight cached per Access-Control-Max-Age—set to 86400 to reduce OPTIONS spam" }, { "title": "Security Headers (Always Set)", "body": "Strict-Transport-Security: max-age=31536000; includeSubDomains—HSTS, once set can't easily undo\nX-Content-Type-Options: nosniff—prevents MIME sniffing attacks\nX-Frame-Options: DENY or SAMEORIGIN—prevents clickjacking\nContent-Security-Policy—complex but essential; start with report-only mode" }, { "title": "Range Requests", "body": "Accept-Ranges: bytes signals support—clients can request partial content\nRange: bytes=0-1023 requests first 1024 bytes; bytes=-500 requests last 500\nReturn 206 Partial Content with Content-Range: bytes 0-1023/5000\n416 Range Not Satisfiable if range invalid—include Content-Range: bytes */5000" }, { "title": "Error Response Best Practices", "body": "Structured JSON errors: {\"error\": {\"code\": \"VALIDATION_FAILED\", \"message\": \"...\", \"details\": [...]}}\nInclude request ID in error response—enables log correlation\nDon't leak stack traces in production—log server-side, return generic message\n409 Conflict for business rule violations (duplicate email, insufficient funds)—not just 400" }, { "title": "Retry Patterns", "body": "Retry only idempotent methods by default—GET, PUT, DELETE, HEAD\nPOST retry needs idempotency key—Idempotency-Key: \nExponential backoff: 1s, 2s, 4s, 8s... with jitter—prevents thundering herd\nRespect Retry-After header—can be seconds or HTTP date\nSet reasonable timeout (30s typical)—don't wait forever" }, { "title": "Headers Often Forgotten", "body": "Vary: must include headers that affect response—CORS without Vary: Origin breaks\nContent-Disposition: attachment; filename=\"report.pdf\" for downloads\nX-Request-ID: generate if not present, propagate to downstream services\nAccept-Language for localized responses—respect with graceful fallback" }, { "title": "Connection Behavior", "body": "HTTP/1.1 without Content-Length or chunked = connection close after response\nTransfer-Encoding: chunked for streaming—can't set Content-Length\nHTTP/2 is binary, multiplexed—no head-of-line blocking at HTTP level\nWebSocket upgrade: GET with Connection: Upgrade, Upgrade: websocket" } ], "body": "Redirects (Often Confused)\n307 vs 308: both preserve method; 307 temporary, 308 permanent—use these for POST/PUT redirects\n301/302 may change POST to GET (browser behavior)—don't use for API redirects with body\nInclude Location header with absolute URL—relative may fail in older clients\nRedirect loops: limit to 5-10 follows; infinite loops crash clients\nCaching Combinations\nCache-Control: no-store for sensitive data—never written to disk\nno-cache still caches but revalidates every time—not \"don't cache\"\nprivate, max-age=0, must-revalidate for user-specific, always-fresh content\npublic, max-age=31536000, immutable for versioned static assets\nVary: Accept-Encoding, Authorization when response depends on these headers—forgetting Vary breaks caching\nConditional Requests\nETag + If-None-Match: prefer for APIs—content hash based\nStrong vs weak ETags: \"abc\" vs W/\"abc\"—weak allows semantically equivalent responses\nIf-Match for optimistic locking: fail update if resource changed since read\n412 Precondition Failed when If-Match fails—not 409 Conflict\nCORS Preflight Triggers\nCustom headers (anything not Accept, Accept-Language, Content-Language, Content-Type simple values)\nContent-Type other than: application/x-www-form-urlencoded, multipart/form-data, text/plain\nPUT, DELETE, PATCH methods—even to same origin if other conditions met\nReadableStream body—triggers preflight\nPreflight cached per Access-Control-Max-Age—set to 86400 to reduce OPTIONS spam\nSecurity Headers (Always Set)\nStrict-Transport-Security: max-age=31536000; includeSubDomains—HSTS, once set can't easily undo\nX-Content-Type-Options: nosniff—prevents MIME sniffing attacks\nX-Frame-Options: DENY or SAMEORIGIN—prevents clickjacking\nContent-Security-Policy—complex but essential; start with report-only mode\nRange Requests\nAccept-Ranges: bytes signals support—clients can request partial content\nRange: bytes=0-1023 requests first 1024 bytes; bytes=-500 requests last 500\nReturn 206 Partial Content with Content-Range: bytes 0-1023/5000\n416 Range Not Satisfiable if range invalid—include Content-Range: bytes */5000\nError Response Best Practices\nStructured JSON errors: {\"error\": {\"code\": \"VALIDATION_FAILED\", \"message\": \"...\", \"details\": [...]}}\nInclude request ID in error response—enables log correlation\nDon't leak stack traces in production—log server-side, return generic message\n409 Conflict for business rule violations (duplicate email, insufficient funds)—not just 400\nRetry Patterns\nRetry only idempotent methods by default—GET, PUT, DELETE, HEAD\nPOST retry needs idempotency key—Idempotency-Key: \nExponential backoff: 1s, 2s, 4s, 8s... with jitter—prevents thundering herd\nRespect Retry-After header—can be seconds or HTTP date\nSet reasonable timeout (30s typical)—don't wait forever\nHeaders Often Forgotten\nVary: must include headers that affect response—CORS without Vary: Origin breaks\nContent-Disposition: attachment; filename=\"report.pdf\" for downloads\nX-Request-ID: generate if not present, propagate to downstream services\nAccept-Language for localized responses—respect with graceful fallback\nConnection Behavior\nHTTP/1.1 without Content-Length or chunked = connection close after response\nTransfer-Encoding: chunked for streaming—can't set Content-Length\nHTTP/2 is binary, multiplexed—no head-of-line blocking at HTTP level\nWebSocket upgrade: GET with Connection: Upgrade, Upgrade: websocket" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/ivangdavila/http", "publisherUrl": "https://clawhub.ai/ivangdavila/http", "owner": "ivangdavila", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/http", "downloadUrl": "https://openagent3.xyz/downloads/http", "agentUrl": "https://openagent3.xyz/skills/http/agent", "manifestUrl": "https://openagent3.xyz/skills/http/agent.json", "briefUrl": "https://openagent3.xyz/skills/http/agent.md" } }